<?php
	//Start sessions 
 	session_start(); 
	
	//Database connection parameters
	require('./include/phpsqlajax_dbinfo.php');
		
	$connection = mysql_connect ($server, $username, $password);
	
	 // Opens a connection to a MySQL server.	
	if (!$connection){
	  die('Not connected : ' . mysql_error());
	}
	
	// Sets the active MySQL database.
	$db_selected = mysql_select_db($database, $connection);
	if (!$db_selected){
	  die ('Can\'t use db : ' . mysql_error());
	}
	
	//Set result charset to UTF-8
	mysql_query('SET NAMES "utf8"');
	
	// Select a row with the user data from loginForm
	$query = 'SELECT * FROM users WHERE username="'.$_POST['username'];
	$query .= '" AND password=MD5("'.$_POST['password'].'") LIMIT 1';
	
	$result = mysql_query($query);
	
	//Check if row with user data exists or not
	 if(mysql_num_rows($result)==1) {
		 $user=mysql_fetch_assoc($result);
	 	if($user['Privilegs_idPrivilegs'] == '1'){
		 	
			//Store user privileges in session variable
		 	$_SESSION['privileges'] = $user['Privilegs_idPrivilegs'];
				
			//Store username in session variable	
			$_SESSION['username'] = $user['username'];
		 };
		 if ($user['Privilegs_idPrivilegs'] == '2') {
				
			//Store user privileges in session variable
		 	$_SESSION['privileges'] = $user['Privilegs_idPrivilegs'];
				
			//Store username in session variable	
			$_SESSION['username'] = $user['username'];
		 }
	 }
	 else{
	 	echo 'false';
	}	
?>